Bug 478327 - radvd needs an SELinux rule
radvd needs an SELinux rule
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
All Linux
low Severity medium
: ---
: ---
Assigned To: Miroslav Grepl
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2008-12-28 03:04 EST by Allen Kistler
Modified: 2009-01-15 10:43 EST (History)
3 users (show)

See Also:
Fixed In Version: selinux-policy-3.3.1-117.fc9.noarch
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-01-15 10:43:11 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Allen Kistler 2008-12-28 03:04:23 EST
Description of problem:
AVC denials appear in audit.log when radvd starts.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. start radvd
2. look in audit.log
Actual results:
28 messages logged to audit.log that look like
type=AVC msg=audit(1230449705.134:2914): avc:  denied  { net_admin } for  pid=21
290 comm="radvd" capability=12 scontext=unconfined_u:system_r:radvd_t:s0 tcontex
t=unconfined_u:system_r:radvd_t:s0 tclass=capability

Expected results:
No AVC denials

Additional info:
I've only started using radvd, so I'm not certain what functionality is getting blocked.  Nevertheless, I generated and installed the following policy with audit2allow.

require {
        type radvd_t;
        class capability net_admin;
require {
        type radvd_t;
        class capability net_admin;

#============= radvd_t ==============
allow radvd_t self:capability net_admin;
Comment 1 Miroslav Grepl 2009-01-05 07:48:12 EST
Fixed in selinux-policy-3.3.1-117.fc9.noarch
Comment 2 Allen Kistler 2009-01-08 19:37:27 EST
Fix verified.  I'll close the bug when 117 (or later) goes to updates for F9.
Comment 3 Allen Kistler 2009-01-15 10:43:11 EST
selinux-policy-3.3.1-117.fc9.noarch is in updates.  Closing.

Note You need to log in before you can comment on or make changes to this bug.